In this documentation, we will configure apache to delegate authentication to mod_perl. It's tested on apache2 (apache2-mpm-prefork) with mysql and postgresql but should work with allmost every databases for which there is a perl DBD module. Apache2 with the high speed thread model might not load Perl correctly (apache2-mpm-worker).

You need a working apache on your SVN server and you must install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for you database as it should work on allmost all databases).

If the repositories are not created automatically by reposman.rb, it is important that the repository name is the same as the project identifier in Redmine, otherwise Redmine.pm will fail to authenticate users. For example, if the path to the repository is /path/to/repository/foo-bar, then the project Identifier on the Settings page must be foo-bar.

If you want to connect your LDAP authentication to Apache, you can install the Authen::Simple::LDAP perl module. I found that connecting to my LDAP server to authenticate with every request can be quite slow. I added the following to my configuration and had a significant performance increase. If you have configured an encrypted connection to the LDAP server you will need the IO::Socket::SSL module.

NOTE: the above wording is a little confusing. I attempt to clear up the issues I had with this in the following paragraph.

First of all, make sure that you have the Net::LDAP module installed as well. I installed Authen::Simple::LDAP through CPAN and found that nothing worked. Eventually I figured out that this was because the Authen::Simple::LDAP did not require the Net::LDAP module as a dependency but it is needed for our purpose here. I did this on CentOS and it seems that the Net::LDAP module can be installed via yum (yum install perl-LDAP) but the Authen::Simple::LDAP had to be installed via CPAN since there's no RPM for it in the CentOS repositories.

To install the Authen::Simple::LDAP using CPAN use commands:

cpan
cpan> install Authen::Simple::LDAP

if the installation failed due to some dependencies, resolve the dependencies first.

My second point is related to the below Apache config. The PerlLoadModule Authen::Simple::LDAP is actually not required for having users authenticated via LDAP. It will happen automatically if both of the above modules are installed. So there really is no difference between the config snippet below and the one above except for the RedmineCacheCredsMax 50 line which is probably a good idea although it can result in users that have been deleted or removed in redmine still getting access to the repositories, at least for a little while.

If you run this in Phusion Passenger, make sure you don't turn PassengerHighPerformance on. If you do, the rewrites to catch subversion dav will be bypassed with some interesting dump in the log as a result.Example:

When using Authen::Simple::LDAP for authentication, it is not sufficient to have the Administrator role to access a repository. The user must have a role with that specifically allows the user to browse, read, or write the repository.